Among them is a new approach used by pay day loan phone scammers, who have been targeting individuals for the last three years:

The scam involves victims being relentlessly contacted at their residences and places of employment regarding claims they are delinquent on a payday loan. Various coercion techniques have been used by the subjects in an attempt to persuade the victim to send money. Such techniques have evolved from repeated annoying phone calls to abusive language, threats of bodily harm, and arrests.

The IC3 has become aware of increased coercion tactics used by the subjects, which have created a threat to emergency services across the nation. The threats have now escalated into a Telephony Denial of Service (TDoS) attacks against the victims' employers, which some have been emergency service agencies.

The TDoS attacks have tied up the emergency services' telephone lines, preventing them from receiving and responding to legitimate emergency calls.

The other tactic the subjects are now using in order to convince the victim that a warrant for their arrest exists is by spoofing a police department's telephone number when calling the victim. The subject claims there is a warrant issued for the victim's arrest for failure to pay off the loan. In order to have the police actually respond to the victim's residence, the subject places repeated, harassing calls to the local police department while spoofing the victim's telephone number.

The task force also warns about a new twist to the online tech support scam, warning that some users experienced and reported their computer screen turning blue and eventually black prior to receiving the scammy Tech Support call.

"At this time, it has not been determined if this is related to the telephone call or if the user had been experiencing prior computer problems," says the IC3, but users are all the same advised to be wary of such "coincidences."

The list of the most popular passwords in 2012 hasn't changed much - as in the previous year, password, 123456 and 12345678 occupy the first three spots, followed by the likes of qwerty, letmein, 111111 and iloveyou. New entires in the list include jesus, welcome, ninja, mustang and password1.

For more details about how to chose a good password and about other scams that have targeted users in the past few months - including an advanced fee scam that invokes the IC3 for “legitimacy” - check the task force's report.

Spotlight

By working with the DevOps team, you can ensure that the production environment is more predictable, auditable and more secure than before. The key is to integrate your security requirements into the DevOps pipeline.

A critical vulnerability in ANTlabs InnGate devices, a popular Internet gateway for visitor-based networks and commonly installed in hotels and convention centers, has been discovered. The flaw could allow an attacker to monitor or tamper with traffic to and from any hotel WiFi user's connection.

In this interview, Raj Samani, VP and CTO EMEA at Intel Security, talks about successful information security strategies aimed at the critical infrastructure, government challenges, the role of regulation, and more.